Important critical Etherpad release – 1.6.4

This release fixes several security vulnerabilities in recent versions:

One is an arbitrary code execution vulnerability in version 1.6.3.

Another is an arbitrary code execution vulnerability which is present in all versions from 1.5.0 on, but only exploitable on sites that store pads in DirtyDB, CouchDB, MongoDB, or RethinkDB.

A third allows attackers to export any pad without knowing its name (as normally required) in all versions from 1.5.0 on.

The Etherpad Leadership Team recommends that administrators upgrade to 1.6.4 as soon as possible to mitigate these issues.

“Etherpad is key to a number of organizations that promote collaboration, freedom and transparency and as such we are proud to provide infrastructure for these values,” said John McLear, Etherpad’s chief maintainer.

“In a world that is becoming more fragmented, we’re very keen to promote global collaboration and are dedicated to improving the security of Etherpad.”

About Etherpad

Etherpad is a highly customizable free software editor for collaborative editing online. Used to support collaboration in many important initiatives across the Internet, Etherpad is critical web infrastructure. Etherpad is widely used by individuals and groups who want to collaborate effectively using decentralized trusted free software.